Bitcoin’s Quantum Weak Spot Affects 4.12 Million BTC, New Research Warns
A recent analysis highlights that about 4.12 million BTC, worth nearly $320 billion at current prices, sit in wallets vulnerable to quantum computing attacks due to poor key management practices by their owners. The exposure stems from wallets that reuse addresses or rely on older formats where public keys are already visible on the blockchain, giving future quantum machines a clear target. The findings put fresh pressure on the Bitcoin community to confront a risk that most holders still ignore.
What Makes These Wallets Vulnerable
Quantum computers, once powerful enough, could theoretically reverse-engineer private keys from exposed public keys. Most modern Bitcoin wallets only reveal the public key after the signing of a transaction. But wallets using the older Pay-to-Public-Key (P2PK) format, along with wallets where addresses have been reused after spending, have their public keys sitting in plain sight on-chain.
That’s the core of the problem. Millions of coins are stored in ways that will become unsafe once quantum hardware reaches sufficient scale. The 4.12 million BTC figure captures the total amount sitting in these exposed address types, according to the research shared by blockchain analytics platform Glassnode on May 20.
Right now, no existing quantum computer can crack Bitcoin’s elliptic curve cryptography. Current machines lack the qubit count and error correction needed. But research labs at Google, IBM, and several government-funded projects are making steady progress. Estimates vary widely, from a few years to thirty, but the trajectory points in one direction.
The concern for holders is that coins in vulnerable wallets need to move to safer address formats before quantum hardware catches up. Once a public key is out, the window for theft opens the moment the technology matures.
What Holders Should Do Now
Bitcoin users can check whether their wallets use legacy P2PK addresses or have reused addresses after sending transactions. Moving funds to a fresh SegWit or Taproot address, where the public key stays hidden until the moment of spending, reduces exposure significantly.
The wider Bitcoin developer community has discussed post-quantum signature schemes, but no consensus upgrade is imminent, so for now, the responsibility falls on individual holders.
The 4.12 million BTC figure quantifies the attack surface. If quantum-capable adversaries emerge before those coins move, the fallout would be severe enough to shake confidence in the entire network.